This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

NetWitness Community

  • Home
  • Products
    • NetWitness Platform
      • Advisories
      • Documentation
        • Platform Documentation
        • Known Issues
        • Security Fixes
        • Hardware Documentation
        • Threat Content
        • Unified Data Model
        • Videos
      • Downloads
      • Integrations
      • Knowledge Base
    • NetWitness Cloud SIEM
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Detect AI
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Investigator
    • NetWitness Orchestrator
      • Advisories
      • Documentation
      • Knowledge Base
      • Legacy NetWitness Orchestrator
        • Advisories
        • Documentation
  • Community
    • Blog
    • Discussions
    • Events
    • Idea Exchange
  • Support
    • Case Portal
      • Create New Case
      • View My Cases
      • View My Team's Cases
    • Community Support
      • Getting Started
      • News & Announcements
      • Community Support Forum
      • Community Support Articles
    • Product Life Cycle
    • Support Information
    • General Security Advisories
  • Training
    • Blog
    • Certification Program
    • Course Catalog
      • Netwitness XDR
      • EC-Council Training
    • New Product Readiness
    • On-Demand Subscriptions
    • Student Resources
    • Upcoming Events
    • Role-Based Training
  • Technology Partners
  • Trust Center
Sign InRegister Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
HermesBojaxhi
HermesBojaxhi Contributor
Contributor
since ‎2018-08-27
‎2022-01-07

User Statistics

  • 4 Posts
  • 0 Solutions
  • 1 Likes given
  • 12 Likes received
Welcome Back!
Welcome
Stamps of Approval
Someone Likes You
View all badges
  • NetWitness Community
  • About HermesBojaxhi

User Activity

  • Posts
  • Replies

Exchange Exploit Case Study – CVE-2020-0688

by HermesBojaxhi 2020-03-24 general.in NetWitness Community Blog • latest reply by RuiAtaide 2020-08-25
2020-03-24
Abstract In this blog I describe a recent intrusion that started with the exploit of CVE-2020-0688. Microsoft released a patch for this vulnerability on 11 February 2020. In order for this exploit to work, an authenticated account is needed to be abl...

Do you MFT? Here's an MFT Overview.

by HermesBojaxhi 2019-03-13 general.in NetWitness Community Blog • latest reply by EricCrawford 2019-03-13
2019-03-13
RSA Netwitness Endpoint (NWE) offers various ways to alert the analyst of potentially malicious activity. Typically, we recommend that an analyst look at the IIOCs daily, and investigate and categorize (whitelist/graylist/blacklist) any hits on IIOC ...

Re: ECAT Alert on Domain Controller connections

by HermesBojaxhi 2019-01-22 general.in NetWitness Discussions • latest reply by JeremyKerwin 2019-01-22
2019-01-22
Hello Jeremy, I wanted to complement some of the replies that Rui has already provided. The mounting of shares (c$, admin$, and ipc$) is a typical step of lateral movement. Typically, or at some point, this will happen from an endpoint in the network...

Re: Netwitness Endpoint "Block & Quarantine File" option

by HermesBojaxhi 2018-08-27 general.in NetWitness Discussions
2018-08-27
Hello Toma, If Blocking is not working for you it could be because it is not enabled. Blocking can be enabled/disabled in three locations:1. Globally by going to: Configure -> Global Parameters -> Enable Blocking System checkbox2. At the group level ...
Likes from
User Count
Anonymous
1
PraveenPandyan
PraveenPandyan Beginner
1
RuiAtaide
Respected Contributor RuiAtaide Respected Contributor
1
HalimAbouzeid
Respected Contributor HalimAbouzeid Respected Contributor
1
LeeKirkpatrick
Valued Contributor LeeKirkpatrick Valued Contributor
2
View all
Likes given to
User Count
ChristopherAhea
ChristopherAhea Beginner
1
View all
Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.